Eric J. Roode on 29 Jul 2005 16:40:59 -0000



Re: [PLUG] GPG Signed


gyoza@comcast.net wrote:

I'm curious about the "Validity" field.  My key shows "Ultimate" and all
others show "Unknown".  (Trust is set to "Full" for my key and the
others are set to "Marginal".)  How is validity determined?
Validity is how sure you are that the key in question really really is
the key of the person that it's claimed to be associated with.  You have
your secret key on hand, so it's clear that your public key is valid.
You haven't validated anyone else's key, so they're all "unknown".

Trust is how much you trust a person's judgment in validating other
keys.  For example, I strongly trust certain people to definitively
check a person's identity and public key before they'll sign (vouch for)
that person's key.  If I receive a public key that I personally haven't
validated, but which (say) Walt Mankowski and Michael Toren have both
signed, I can be pretty certain that the key I have is genuine.

GPG has no way of knowing how trustworthy a person is; it uses whatever
value you enter.  Validity, on the other hand, is computed.  If the
secret key is on-hand, the public key is ultimately valid.  If a public
key is signed by a secret key that is on-hand, the public key is
considered valid.  If the key isn't signed by you, but is signed by
three (I think) other people whose keys are known to be valid and who
are trustworthy, the key is considered valid.

HTH.

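The validity computation described in the reply above, as an added worked example that is not part of the original post and is not GnuPG's own code: a simplified model of the web-of-trust rules (a key whose secret half is on hand is ultimately valid; a key signed by one fully trusted valid key, or by enough marginally trusted valid keys, becomes valid; a key with some but not enough marginal signatures is only marginally valid, and marginally valid keys' signatures carry no weight; owner trust is whatever the user entered and is never computed). The thresholds 1 and 3 are GnuPG's default completes-needed and marginals-needed values, and the depth limit 5 is its default max-cert-depth; the keyring, the people's names and the trust assignments are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# Owner-trust levels a user assigns by hand (GnuPG never computes these).
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


@dataclass
class Key:
    uid: str
    have_secret: bool = False           # secret key on hand -> ultimately valid
    owner_trust: str = UNKNOWN          # how far we trust this person to vouch for others
    signers: Set[str] = field(default_factory=set)  # uids of keys that signed this key


def compute_validity(keys: Dict[str, Key],
                     completes_needed: int = 1,   # GnuPG default
                     marginals_needed: int = 3,   # GnuPG default
                     max_depth: int = 5) -> Dict[str, str]:
    """Return {uid: validity} where validity is ultimate, full, marginal or unknown.

    Simplified web-of-trust model (assumption): only signatures made by keys that are
    themselves fully or ultimately valid count, and they are weighted by the owner
    trust the user assigned to the signer.
    """
    validity = {uid: UNKNOWN for uid in keys}
    for uid, key in keys.items():
        if key.have_secret:
            validity[uid] = ULTIMATE

    # Each pass extends the chain of trust by one hop, up to max_depth hops.
    for _ in range(max_depth):
        promoted = False
        for uid, key in keys.items():
            if validity[uid] in (FULL, ULTIMATE):
                continue
            completes = marginals = 0
            for signer in key.signers:
                # Unknown or merely marginal signers carry no weight.
                if signer not in keys or validity[signer] not in (FULL, ULTIMATE):
                    continue
                trust = keys[signer].owner_trust
                if trust in (FULL, ULTIMATE):
                    completes += 1
                elif trust == MARGINAL:
                    marginals += 1
            if completes >= completes_needed or marginals >= marginals_needed:
                validity[uid] = FULL
                promoted = True
            elif marginals > 0 or completes > 0:
                validity[uid] = MARGINAL   # some vouching, but not enough
        if not promoted:
            break
    return validity


def example_keyring() -> Dict[str, Key]:
    """Constructed keyring: 'me' holds the secret key; everyone else is vouched for."""
    return {
        "me":    Key("me", have_secret=True, owner_trust=ULTIMATE),
        # Two people I fully trust to check identities; I signed their keys myself.
        "walt":  Key("walt", owner_trust=FULL, signers={"me"}),
        "mike":  Key("mike", owner_trust=FULL, signers={"me"}),
        # Three people I only marginally trust, also signed by me.
        "carol": Key("carol", owner_trust=MARGINAL, signers={"me"}),
        "dave":  Key("dave", owner_trust=MARGINAL, signers={"me"}),
        "erin":  Key("erin", owner_trust=MARGINAL, signers={"me"}),
        # Never signed by me, but vouched for by fully trusted people -> valid.
        "alice": Key("alice", signers={"walt", "mike"}),
        # Vouched for by three marginally trusted people -> valid.
        "bob":   Key("bob", signers={"carol", "dave", "erin"}),
        # Only one marginal voucher -> marginally valid.
        "frank": Key("frank", signers={"carol"}),
        # Signed by alice, who is valid but whose trust I never set -> unknown.
        "grace": Key("grace", signers={"alice"}),
    }


if __name__ == "__main__":
    for uid, v in compute_validity(example_keyring()).items():
        print(f"{uid:6s} {v}")
```

The "grace" entry makes the distinction in the reply concrete: alice's key is valid, but because no trust value was entered for alice, her signature does not help validate anything. Raising marginals_needed to 4 drops bob from full to marginal, which is the same effect as tightening the corresponding GnuPG option.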

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug